dify/api/extensions/ext_blueprints.py

from configs import dify_config
from constants import HEADER_NAME_APP_CODE, HEADER_NAME_CSRF_TOKEN, HEADER_NAME_PASSPORT
from dify_app import DifyApp

BASE_CORS_HEADERS: tuple[str, ...] = ("Content-Type", HEADER_NAME_APP_CODE, HEADER_NAME_PASSPORT)
SERVICE_API_HEADERS: tuple[str, ...] = (*BASE_CORS_HEADERS, "Authorization")
AUTHENTICATED_HEADERS: tuple[str, ...] = (*SERVICE_API_HEADERS, HEADER_NAME_CSRF_TOKEN)
FILES_HEADERS: tuple[str, ...] = (*BASE_CORS_HEADERS, HEADER_NAME_CSRF_TOKEN)


def init_app(app: DifyApp):
    # register blueprint routers

    from flask_cors import CORS

    from controllers.console import bp as console_app_bp
    from controllers.files import bp as files_bp
    from controllers.inner_api import bp as inner_api_bp
    from controllers.mcp import bp as mcp_bp
    from controllers.service_api import bp as service_api_bp
    from controllers.web import bp as web_bp

    CORS(
        service_api_bp,
        allow_headers=list(SERVICE_API_HEADERS),
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    )
    app.register_blueprint(service_api_bp)

    CORS(
        web_bp,
        resources={r"/*": {"origins": dify_config.WEB_API_CORS_ALLOW_ORIGINS}},
        supports_credentials=True,
        allow_headers=list(AUTHENTICATED_HEADERS),
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
        expose_headers=["X-Version", "X-Env"],
    )
    app.register_blueprint(web_bp)

    CORS(
        console_app_bp,
        resources={r"/*": {"origins": dify_config.CONSOLE_CORS_ALLOW_ORIGINS}},
        supports_credentials=True,
        allow_headers=list(AUTHENTICATED_HEADERS),
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
        expose_headers=["X-Version", "X-Env"],
    )
    app.register_blueprint(console_app_bp)

    CORS(
        files_bp,
        allow_headers=list(FILES_HEADERS),
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    )
    app.register_blueprint(files_bp)

    app.register_blueprint(inner_api_bp)
    app.register_blueprint(mcp_bp)
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`from configs import dify_config`
Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`from constants import HEADER_NAME_APP_CODE, HEADER_NAME_CSRF_TOKEN, HEADER_NAME_PASSPORT`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`from dify_app import DifyApp`

Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`BASE_CORS_HEADERS: tuple[str, ...] = ("Content-Type", HEADER_NAME_APP_CODE, HEADER_NAME_PASSPORT)`
			`SERVICE_API_HEADERS: tuple[str, ...] = (*BASE_CORS_HEADERS, "Authorization")`
			`AUTHENTICATED_HEADERS: tuple[str, ...] = (*SERVICE_API_HEADERS, HEADER_NAME_CSRF_TOKEN)`
			`FILES_HEADERS: tuple[str, ...] = (*BASE_CORS_HEADERS, HEADER_NAME_CSRF_TOKEN)`

refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00
			`def init_app(app: DifyApp):`
			`# register blueprint routers`

chore: cleanup unnecessary mypy suppressions on imports (#24712) 2025-08-28 23:17:25 +08:00			`from flask_cors import CORS`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00
			`from controllers.console import bp as console_app_bp`
			`from controllers.files import bp as files_bp`
			`from controllers.inner_api import bp as inner_api_bp`
feat: add MCP support (#20716) Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com> 2025-07-10 14:01:34 +08:00			`from controllers.mcp import bp as mcp_bp`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`from controllers.service_api import bp as service_api_bp`
			`from controllers.web import bp as web_bp`

			`CORS(`
			`service_api_bp,`
Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`allow_headers=list(SERVICE_API_HEADERS),`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],`
			`)`
			`app.register_blueprint(service_api_bp)`

			`CORS(`
			`web_bp,`
			`resources={r"/*": {"origins": dify_config.WEB_API_CORS_ALLOW_ORIGINS}},`
			`supports_credentials=True,`
Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`allow_headers=list(AUTHENTICATED_HEADERS),`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],`
			`expose_headers=["X-Version", "X-Env"],`
			`)`
			`app.register_blueprint(web_bp)`

			`CORS(`
			`console_app_bp,`
			`resources={r"/*": {"origins": dify_config.CONSOLE_CORS_ALLOW_ORIGINS}},`
			`supports_credentials=True,`
Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`allow_headers=list(AUTHENTICATED_HEADERS),`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],`
			`expose_headers=["X-Version", "X-Env"],`
			`)`
			`app.register_blueprint(console_app_bp)`

refactor: better error handler (#24422) Signed-off-by: -LAN- <laipz8200@outlook.com> 2025-08-25 09:28:42 +08:00			`CORS(`
			`files_bp,`
Allow custom app headers in CORS configuration (#27133) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> 2025-10-20 15:39:07 +08:00			`allow_headers=list(FILES_HEADERS),`
refactor: better error handler (#24422) Signed-off-by: -LAN- <laipz8200@outlook.com> 2025-08-25 09:28:42 +08:00			`methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],`
			`)`
refactor: assembling the app features in modular way (#9129) Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com> 2024-11-30 23:05:22 +08:00			`app.register_blueprint(files_bp)`

			`app.register_blueprint(inner_api_bp)`
feat: add MCP support (#20716) Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com> 2025-07-10 14:01:34 +08:00			`app.register_blueprint(mcp_bp)`